In the aftermath of 9.7 million customer files compromised by Criminals, The Australian Federal Police claims to have tracked the cybercriminals behind the Medibank ransomware attack.
The Australian Federal Police has revealed that those responsible for the data breach of Australian private health insurer Medibank are in Russia.
On 13 October, Medibank paused trading in the Australian Securities Exchange and announced there had been a “cyber incident”. At the time the company believed no data had been accessed and that the main issue was at its ahm and international student policy management units.
AFP Commissioner Reece Kershaw said on Friday that the agency knows the identity of the individuals responsible for the attack on Australia’s largest private health insurer. He declined to name the individuals but said the AFP believes that those responsible for the breach are in Russia, though some affiliates may be in other countries.
In a tweet, Australian Prime Minister Anthony Albanese, whose own Medibank data was stolen, said the AFP knows where the hackers are and are working to bring them to justice.
“Our intelligence points to a group of loosely affiliated cyber criminals, who are likely responsible for past significant breaches in countries across the world,” AFP Commissioner Reece Kershaw said in a press conference.
The hackers behind the Medibank breach have previously been linked to the high-profile Russian cybercrime gang REvil, also known as Sodinokibi. REvil’s once-defunct dark web leak site now redirects traffic to a new site that hosts the stolen Medibank data, and the hackers behind the breach have also been observed using a variant of REvil’s file-encrypting malware.
Medibank listed the annual general meeting on 16th of November along with the board Dr Tracey Batten and the Chief executive officer David Koczkar provided continuous reassurance that the company's focus was to protect data privacy of all their members.
“We will continue to support all people who have been impacted by this crime through our Cyber Response Support Program. This includes mental health and wellbeing support, identity protection and financial hardship measures,” Medibank CEO David Koczkar said.
Shortly after the AFP announcement, the Australian federal government announced a joint operation between the AFP and the Australian Signals Directorate "to investigate, target and disrupt cyber criminal syndicates with a priority on ransomware threat groups".
Any ransom payment, small or large, fuels the cybercrime business model, putting other Australians at risk. AFP Commissioner Reece Kershaw said in a closing statement on Friday 11th November 2022.
